Repository 32bit  Forum
Repository 64bit  Wiki
Fri Nov 4 03:31:38 UTC 2016
patches/packages/bind-9.9.9_P4-i486-1_slack14.1.txz: Upgraded.
  This update fixes a denial-of-service vulnerability. A defect in BIND's
  handling of responses containing a DNAME answer can cause a resolver to exit
  after encountering an assertion failure in db.c or resolver.c. A server
  encountering either of these error conditions will stop, resulting in denial
  of service to clients. The risk to authoritative servers is minimal;
  recursive servers are chiefly at risk.
  For more information, see:
  (* Security fix *)
patches/packages/curl-7.51.0-i486-1_slack14.1.txz: Upgraded.
  This release fixes security issues:
  CVE-2016-8615: cookie injection for other servers
  CVE-2016-8616: case insensitive password comparison
  CVE-2016-8617: OOB write via unchecked multiplication
  CVE-2016-8618: double-free in curl_maprintf
  CVE-2016-8619: double-free in krb5 code
  CVE-2016-8620: glob parser write/read out of bounds
  CVE-2016-8621: curl_getdate read out of bounds
  CVE-2016-8622: URL unescape heap overflow via integer truncation
  CVE-2016-8623: Use-after-free via shared cookies
  CVE-2016-8624: invalid URL parsing with '#'
  CVE-2016-8625: IDNA 2003 makes curl use wrong host
  For more information, see:
  (* Security fix *)
patches/packages/glibc-zoneinfo-2016i-noarch-1_slack14.1.txz: Upgraded.
  This package provides the latest timezone updates.